
GDPR - What you need to know

Louisa Palmer

Updated: Jun 21, 2023

The GDPR (General Data Protection Regulation) was implemented on the 25th May 2018.


Regardless of your geographical location, your business must be GDPR compliant if it processes the personal data of EU citizens. This is the first time that EU data protection regulations have been extended to include businesses from around the world.


If you want to use personal information, such as data gathered from any email or marketing campaigns you may have carried out, then you must be able to prove valid consent under the GDPR. Clear and affirmative consent is required, so it is not enough to simply pre-select a tick box on an online form, for example. You need to use clear and simple language when an individual provides personal information, so that the individual understands what you plan to do with their data, how you are collecting it and how you will process it.


Below are the key processes you need in place in order to comply with the GDPR.


  1. Define who in your organisation is responsible for Data Protection.

  2. Review all current policy documents regarding data collection and storage.

  3. Review your procedures for obtaining consent.

  4. Source the correct legal documentation for all the data you hold.

  5. Set up an accountability framework for the business.

  6. Create a process to respond to any potential security breaches.

  7. Design a process for dealing with requests from data subjects.

  8. Explain how and why you collect data in your Privacy Policy.

  9. Ensure your automated systems are up to date.

  10. Do not store data if you do not need it.



With these processes in place you can help ensure your business is fully compliant with the GDPR. The Information Commissioner's Office (ICO) website has a wealth of information which will help guide you through any queries you may have.
